﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        btnLogin.Attributes.Add("onclick", "return VerifyLogin()");
    }

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        try
        {
            DataTable dt = new DataTable();
            DBConn oDBConn = new DBConn();
            oDBConn.OpenConnection();

            SqlCommand oCommand = new SqlCommand("sp_Deal_User_SELECTBYID", oDBConn.DBConnection);
            oCommand.CommandType = CommandType.StoredProcedure;
            oCommand.Parameters.Add("@User_ID", SqlDbType.VarChar).Value = txtUserID.Text.Trim();

            SqlDataAdapter oDataAdapter = new SqlDataAdapter(oCommand);
            oDataAdapter.Fill(dt);
            oDataAdapter = null;
            oDBConn.Disconnect();
            if (dt.Rows.Count > 0)
            {
                string UserPassword = dt.Rows[0]["User_Password"].ToString();
                string strPassword = Security.CipherCode(txtPassword.Text);

                if (strPassword == UserPassword)
                {
                    if (dt.Rows[0]["User_Status"].ToString() == "True")
                    {
                        string strUserID = txtUserID.Text;
                        string strFullName = dt.Rows[0]["User_FirstName"].ToString() + " " + dt.Rows[0]["User_LastName"].ToString();
                        if (dt.Rows[0]["User_UserType_ID"].ToString() == "1")
                        {
                            Session["USER_USERID"] = strUserID;
                            Session["USER_FULLNAME"] = strFullName;
                            Session["USER_TYPE"] = dt.Rows[0]["User_UserType_ID"].ToString();
                            //Session["SHOP_ID"] = dt.Rows[0]["User_Shop_ID"].ToString();
                            Response.Redirect("../admin/Search.aspx");
                        }
                        else
                        {
                            //if (chkCookie.Checked)
                            //{
                            //    HttpCookie newCookie = new HttpCookie("PTTEventRegistration");
                            //    newCookie["USER_USERID"] = strUserID;
                            //    newCookie["USER_FULLNAME"] = strFullName;
                            //    newCookie["USER_TYPE"] = dt.Rows[0]["User_Type"].ToString();
                            //    newCookie.Expires = DateTime.Now.AddYears(1);
                            //    Response.Cookies.Add(newCookie);
                            //}

                            Session["USER_USERID"] = strUserID;
                            Session["USER_FULLNAME"] = strFullName;
                            Session["USER_TYPE"] = dt.Rows[0]["User_UserType_ID"].ToString();
                            Session["SHOP_ID"] = dt.Rows[0]["User_Shop_ID"].ToString();
                            //string ShopID = dt.Rows[0]["User_Shop_ID"].ToString();

                            ////Update Last Login Datetime
                            //oCommand = new SqlCommand("sp_ER_User_UPDATE_LOGIN", oDBConn.DBConnection);
                            //oCommand.CommandType = CommandType.StoredProcedure;
                            //oCommand.Parameters.Add("@USER_ID", SqlDbType.VarChar).Value = txtUserID.Text.Trim();
                            //oCommand.ExecuteNonQuery();
                            //oDBConn.Disconnect();

                            Response.Redirect("../shop/Shop.aspx");
                        }
                    }
                    else
                    {
                        trMessage.Visible = true;
                        lblMessage.Text = "<br>ผู้ใช้นี้ ไม่สามารถใช้งานได้ กรุณาติดต่อผู้ดูแลระบบ<br><br>";
                    }
                }
                else
                {
                    ////Update Last Login Failure Datetime
                    //oCommand = new SqlCommand("sp_ER_User_UPDATE_LOGIN_FAILURE", oDBConn.DBConnection);
                    //oCommand.CommandType = CommandType.StoredProcedure;
                    //oCommand.Parameters.Add("@USER_ID", SqlDbType.VarChar).Value = txtUserID.Text.Trim();
                    //oCommand.ExecuteNonQuery();
                    //oDBConn.Disconnect();

                    trMessage.Visible = true;
                    lblMessage.Text = "<br>ระบุผู้ใช้ หรือรหัสผ่าน ไม่ถูกต้อง<br><br>";
                }
            }
            else
            {
                trMessage.Visible = true;
                lblMessage.Text = "ระบุผู้ใช้ หรือรหัสผ่าน ไม่ถูกต้อง";
            }
        }
        catch (Exception ex)
        {
            trMessage.Visible = true;
            lblMessage.Text = "<br>" + ex.Message + "<br><br>";
        }
    }


    protected void btnForgetPassword_Click(object sender, EventArgs e)
    {
        Response.Redirect("../user/UserForgetPassword.aspx");
    }
}
